Why are the S3 CloudTrail events empty for my bucket?

Question

I'm trying to find CloudTrail events for `my-s3-bucket` which can show me which account or resource is enabling events or other properties on the bucket. I thought API calls were logged by CloudTrail by default, but my event list is empty. Is my `aws-cli` command incorrect, or am I missing a configuration item on my bucket to enable API logging?

```
$  aws cloudtrail lookup-events --lookup-attributes AttributeKey=ResourceType,AttributeValue=AWS::S3::my-s3-bucket
{
    "Events": []
}
```

Accepted Answer

Hello.

It depends on what kind of events you are looking for, but by default it only records API history at the bucket level.  
https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging-s3-info.html

Also, I think your command has the "AttributeValue" wrong.  
If "AttributeKey" is "ResourceType", you need to enter the resource type "AWS::S3::Bucket" as shown below.  
```
aws cloudtrail lookup-events --lookup-attributes AttributeKey=ResourceType,AttributeValue=AWS::S3::Bucket
```

If you want to search by resource name, you need to do the following:  
```
aws cloudtrail lookup-events --lookup-attributes AttributeKey=ResourceName,AttributeValue=S3-BucketName
```

Why are the S3 CloudTrail events empty for my bucket?

관련 콘텐츠